package com.f1ussh.serviceuser.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;

/**
 * @Author: 马腾飞
 * @CreateTime: 2025-10-01
 * @Description:
 * @Version: 1.0
 */


@Configuration
@EnableWebSecurity
public class SecurityConfig {


    /**
     * 密码加密
     *
     * @return
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        // 这是最常用的配置
        return new BCryptPasswordEncoder(12); // 强度12，平衡安全与性能
    }

    /**
     * 接口放行
     *
     * @param http
     * @return
     * @throws Exception
     */
   /* @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http

                .authorizeHttpRequests(authz -> authz

                        .antMatchers("/api/**").permitAll()  // 放行所有API接口
                        .antMatchers("/druid/**").denyAll()  // 拒绝德鲁伊访问（可选）
                        .anyRequest().authenticated()
                )
                .csrf(csrf -> csrf.disable())  // 禁用CSRF
                .formLogin(form -> form.disable())  // 禁用表单登录
                .httpBasic(httpBasic -> httpBasic.disable());  // 禁用HTTP Basic认证

        return http.build();
    }*/
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        System.out.println("🎯 SecurityFilterChain 配置生效");

        http
                .authorizeHttpRequests(authz -> authz
                        .antMatchers("/api/**").permitAll()  // 允许所有 /api 路径
                        .anyRequest().authenticated()
                )
                .csrf(csrf -> csrf.disable());

        return http.build();
    }


}

